For us at the moment it's specifically just "Log into the service using the console on a remote computer - Without having local admin rights on the server running the service". I've managed enough
using a local group policy to disallow local logon, remote logon and disabled powershell remoting on the server - But it's kind of cumbersome
I expect that longer term:
- Allow the ability to view backup job status
- Allow/Deny the ability to add/remove Organisations
- Allow/Deny the ability to add/remove Backup Jobs
- Allow/Deny the ability to restore items to the original source
- Allow/Deny the ability to export items/mailboxes to PST/Different target.
I can see from an MSP or service provider perspective being able to apply these at some sort of grouping or management level (organisation?) would be good, but also much harder to implement than just to the system as a whole - especially considering the Jet Blue backend.
These are just throwing them out there as ideas though - I can't specifically see the need for us
at this stage but it's certainly nice to have the options in a backup product. Say - We could allow our receptionist/dispatch to log in, and just make sure all the backups have run properly for the last week - but not have them able to make changes or get at anyone's data. Even though emails are nice and all, that quick check also covers if the service crashes, or there's some other weird issue.